SureLog SIEM comes with an advanced correlation engine, behavioral analytics and Machine Learning (ML) models that automate pattern discovery while supporting intelligent rule creation.
As a subfield of Artificial Intelligence (AI), SureLog’s ML uses algorithms to find patterns in data and models them to detect anomalous behavior of users and entities. SureLog’s machine learning library, pre-packaged with over 1,000 models and correlation rules, enables organizations to better identify advanced persistent threats (APTs) that have previously been flying under the radar.
The emergence of large volumes of fast-moving unstructured data from web, cloud, email, social media and IoT sources poses a challenge to every organization. By combining the output of its machine learning models with log and event data, SureLog SIEM detects known threats in real time while supporting advanced incident response processes. At a time when cybersecurity talent is stretched thin, this is a significant benefit and relief to IT security teams.
With access to powerful intelligence feeds, SureLog SIEM provides predictive analytics, continuously learning from historical and current data via machine learning techniques, which helps predict and prevent future attacks on your IT systems. Operating at up to 100 times the speed of manual threat investigations, it spots attacks, uncovers new threat patterns, triages threats and identifies the root cause of an attack.
SureLog ML models profile the behavior of a given user or asset on a particular aspect of its interaction with the corporate IT environment. Here are a few examples of ML detection models:
Domain Generation Algorithm Detection Model
Detecting the use of a domain generation algorithm (DGA) is critical. Attackers embed DGAs in malware so that it periodically generates a large number of domain names, which makes the malware's command-and-control infrastructure hard to block with static lists.
SureLog uses a Naive Bayes classifier for DGA detection.
The Naive Bayes classifier is based on Bayes' theorem and is particularly suited to problems where the dimensionality of the input is high. Despite its simplicity, Naive Bayes can often outperform more sophisticated classification methods.
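The following is an added example of the technique named above, not SureLog's code: a multinomial Naive Bayes classifier over character bigrams of the registrable label, with Laplace smoothing. The two training lists are constructed for illustration (the random-looking names are not real indicators), and a production model would be trained on a far larger labelled corpus.

```python
"""Naive Bayes DGA detector over character bigrams (added example, not SureLog code).

Each second-level label is turned into character bigrams (with ^ and $ edge
markers) and a multinomial Naive Bayes model with Laplace smoothing decides
whether the label looks dictionary-like (benign) or random-like (DGA).
"""
import math
from collections import Counter

BENIGN = [  # constructed training sample of ordinary, dictionary-style names
    "google.com", "microsoft.com", "wikipedia.org", "github.com", "amazon.com",
    "netflix.com", "facebook.com", "stackoverflow.com", "cloudflare.com",
    "apple.com", "twitter.com", "linkedin.com", "reddit.com", "youtube.com",
    "instagram.com", "mozilla.org", "android.com", "windows.com", "oracle.com",
    "salesforce.com",
]
DGA = [  # constructed random-looking labels, not real indicators
    "xkqzjvbtw.com", "qwpzrtmvhl.net", "zjxqvbnmkw.info", "hgfdkqzxwb.com",
    "tqbxzkwmvp.org", "kzqxvjwbtn.net", "pqzxkjvbwm.com", "wqzxkbvjtm.biz",
    "vzqxkwbjtp.com", "jqzxkvbwtm.net", "bqkzxvjwtp.org", "mzqxvkjbwt.com",
]


def bigrams(domain):
    """Character bigrams of the registrable label: 'ab.com' -> ['^a', 'ab', 'b$']."""
    label = "^" + domain.lower().rsplit(".", 1)[0] + "$"   # drop the TLD
    return [label[i:i + 2] for i in range(len(label) - 1)]


class NaiveBayesDGA:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing constant
        self.counts = {"benign": Counter(), "dga": Counter()}
        self.totals = {"benign": 0, "dga": 0}   # bigram occurrences per class
        self.docs = {"benign": 0, "dga": 0}     # training domains per class
        self.vocab = set()

    def fit(self, labelled):
        for domain, cls in labelled:
            feats = bigrams(domain)
            self.counts[cls].update(feats)
            self.totals[cls] += len(feats)
            self.docs[cls] += 1
            self.vocab.update(feats)
        return self

    def _log_joint(self, domain, cls):
        # log P(class) + sum over bigrams of log P(bigram | class), smoothed
        logp = math.log(self.docs[cls] / sum(self.docs.values()))
        denom = self.totals[cls] + self.alpha * len(self.vocab)
        for f in bigrams(domain):
            logp += math.log((self.counts[cls][f] + self.alpha) / denom)
        return logp

    def score(self, domain):
        """P(dga | domain), normalised across the two classes in log space."""
        lb, ld = self._log_joint(domain, "benign"), self._log_joint(domain, "dga")
        m = max(lb, ld)                          # avoid underflow in exp()
        pb, pd = math.exp(lb - m), math.exp(ld - m)
        return pd / (pb + pd)

    def is_dga(self, domain, threshold=0.5):
        return self.score(domain) >= threshold


def build_model():
    labelled = [(d, "benign") for d in BENIGN] + [(d, "dga") for d in DGA]
    return NaiveBayesDGA().fit(labelled)


if __name__ == "__main__":
    model = build_model()
    for d in ("cloudstack.com", "zjxqvbnmkz.com"):
        print(f"{d:20s} P(dga)={model.score(d):.3f} flag={model.is_dga(d)}")
```

Character-level models of this kind catch random-looking labels well but are blind to dictionary-based DGAs that concatenate real words, so in practice the score is combined with other signals such as NXDOMAIN rates per host and newly registered domain feeds.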
Malicious URL Detection Model
A malicious URL, also called a malicious website, is a common and serious cybersecurity threat. Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users into becoming victims of scams (monetary loss, theft of private information and malware installation), causing losses of billions of dollars every year. It is imperative to detect and act on such threats in a timely manner. SureLog implements logistic regression to detect malicious URLs.
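As an added example of the logistic regression approach (this is not SureLog's implementation), the block below scores a URL from purely lexical features and trains the weights by batch gradient descent on the log-loss. The feature set, the suspicious-word list and the tiny training sample are all constructed for illustration; none of the URLs is a real indicator.

```python
"""Logistic regression over lexical URL features (added example, not SureLog code)."""
import math
import re
from urllib.parse import urlsplit

# Constructed list of words commonly seen in phishing paths and look-alike hosts.
SUSPICIOUS_WORDS = ("login", "verify", "secure", "account", "update",
                    "signin", "bank", "free", "prize")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def features(url):
    """Lexical features only: nothing is fetched, so scoring is cheap and safe."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    lowered = url.lower()
    return [
        1.0,                                              # bias term
        min(len(url), 200) / 100.0,                       # overall length
        host.count(".") / 5.0,                            # subdomain depth
        sum(c.isdigit() for c in url) / 10.0,             # digit density
        1.0 if "@" in parts.netloc else 0.0,              # user-info-in-URL trick
        url.count("-") / 5.0,                             # hyphenated look-alike hosts
        1.0 if IPV4.match(host) else 0.0,                 # raw IP instead of a name
        sum(lowered.count(w) for w in SUSPICIOUS_WORDS) / 5.0,
        1.0 if parts.scheme == "http" else 0.0,           # no TLS
        parts.path.count("/") / 5.0,                      # path depth
    ]


# Constructed training sample: label 0 = benign, 1 = malicious.
TRAINING = [
    ("https://www.wikipedia.org/wiki/Phishing", 0),
    ("https://github.com/python/cpython", 0),
    ("https://docs.microsoft.com/en-us/windows/", 0),
    ("https://www.bbc.co.uk/news", 0),
    ("https://stackoverflow.com/questions/tagged/python", 0),
    ("https://mail.google.com/mail/u/0/", 0),
    ("https://www.amazon.com/gp/cart", 0),
    ("https://en.wikipedia.org/wiki/Main_Page", 0),
    ("https://www.nytimes.com/section/technology", 0),
    ("https://pypi.org/project/requests/", 0),
    ("http://192.168.1.20/secure/login/update.php", 1),
    ("http://paypal-account-verify.com/login/secure/index.php?id=48213", 1),
    ("http://secure-update-account.info/verify/login", 1),
    ("http://login.microsoft.com.verify-session.ru/account/update/", 1),
    ("http://10.0.0.7/bank/secure/account/verify.html", 1),
    ("http://free-prize-winner.biz/claim/login?user=55321", 1),
    ("http://appleid.apple.com.signin-verify.net/update/account", 1),
    ("http://facebook.com@evil-login-portal.com/verify/account", 1),
    ("http://online-banking-secure.xyz/login/verify/update/account", 1),
    ("http://update-security-check.top/login?session=9981273", 1),
]


def sigmoid(z):
    z = max(-30.0, min(30.0, z))            # clamp so exp() stays finite
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, epochs=3000, lr=0.5):
    """Batch gradient descent on the logistic log-loss; returns the weight vector."""
    xs = [features(u) for u, _ in samples]
    ys = [y for _, y in samples]
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(xs, ys):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj
        w = [wj - lr * gj / len(xs) for wj, gj in zip(w, grad)]
    return w


def predict_proba(w, url):
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(url))))


def is_malicious(w, url, threshold=0.5):
    return predict_proba(w, url) >= threshold


def accuracy(w, samples):
    return sum(is_malicious(w, u) == bool(y) for u, y in samples) / len(samples)


if __name__ == "__main__":
    w = train(TRAINING)
    for u in ("http://172.16.4.9/secure/login/verify-account.php?id=123456",
              "https://docs.python.org/3/library/re.html"):
        print(f"{predict_proba(w, u):.3f}  {u}")
```

Because the sample is tiny, a single feature (plain http) separates the classes on its own; with real training data the scheme is a weak signal and the model leans on the other lexical features, reputation data and host age. Balancing the classes and checking which weights carry the decision is part of validating such a model before it raises alerts.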
First-time category model
This model learns previously observed behavior patterns and automatically flags anything outside that norm, such as a category of activity never seen before for a given user or asset.
Identity-based classification model
This model places identities with similar attributes into classification buckets and evaluates their behavior to discover anomalous activity for the relevant identities. This enables you to prevent unauthorized access to highly sensitive information and to apply appropriate actions to identities based on pattern recognition and sorting.
Interconnected Nodes Model
This model examines a network of interconnected nodes to identify and analyze relationships. It finds matches for both known and new patterns of interest between interconnected objects. It is very effective at spotting and stopping social media-related attacks.
Fraud Detection Model
This model identifies unusual increases in volume to detect and prevent fraudulent behavior in your organization.
Malicious Command Execution Model
This model identifies users who have been granted elevated access, as well as abnormally frequent system access or bypass attempts. It uses clustering and frequency analysis to detect unusual behavior.
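The first-time category model, the fraud model's volume check and the frequency analysis used here all rest on the same idea: learn a per-entity baseline from a training window, then flag what falls outside it. The block below is an added illustration, not SureLog's code, of a minimal user profile that does both: it raises a first-time alert when a user runs a command category never seen in their baseline, and a volume alert when a day's command count exceeds mean + 3 standard deviations (with a floor of twice the mean, so a flat baseline of small counts is not flagged by a single extra command). The log lines are constructed inline; the `user=` and `category=` fields and the cutoff date are assumptions of this example.

```python
"""Behavioural baseline per user: first-time categories and volume spikes
(added example, not SureLog code)."""
import statistics
from collections import Counter, defaultdict

BASELINE_END = "2024-03-06"   # assumed cutoff: events dated before it train the profile


def build_sample_log():
    """Constructed command-execution log. alice normally runs vcs/build commands;
    on the last day she runs far more than usual and uses a privileged category
    for the first time. bob is steady throughout."""
    plan = {  # user -> events per day for 2024-03-01 .. 2024-03-06
        "alice": [5, 4, 6, 5, 5, 12],
        "bob": [4, 4, 4, 4, 4, 4],
    }
    lines = []
    for user, counts in plan.items():
        for day, n in enumerate(counts, start=1):
            for i in range(n):
                category = "vcs"
                if user == "alice" and day == 6 and i >= 10:
                    category = "privilege"       # sudo-style use never seen before
                elif user == "alice" and i % 2:
                    category = "build"
                lines.append(f"2024-03-{day:02d}T09:{i:02d}:00 user={user} category={category}")
    return lines


def parse_line(line):
    """'<timestamp> user=<u> category=<c>' -> (timestamp, user, category)."""
    ts, rest = line.split(" ", 1)
    kv = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return ts, kv["user"], kv["category"]


def build_profiles(events, cutoff=BASELINE_END):
    """Learn, per user, the set of categories seen and a daily-volume threshold."""
    seen = defaultdict(set)
    per_day = defaultdict(Counter)
    for ts, user, category in events:
        if ts[:10] >= cutoff:
            continue                            # evaluation window is not learned from
        seen[user].add(category)
        per_day[user][ts[:10]] += 1
    profiles = {}
    for user, cats in seen.items():
        counts = list(per_day[user].values())
        mean, std = statistics.mean(counts), statistics.pstdev(counts)
        profiles[user] = {"categories": cats,
                          "threshold": float(max(mean + 3 * std, 2 * mean))}
    return profiles


def detect(events, profiles, cutoff=BASELINE_END):
    """Return (user, alert_type, detail) tuples for events on or after the cutoff."""
    alerts, flagged = [], set()
    per_day = defaultdict(Counter)
    for ts, user, category in events:
        if ts[:10] < cutoff:
            continue
        profile = profiles.get(user)
        if profile is None:                     # entity with no baseline at all
            if (user, None) not in flagged:
                alerts.append((user, "first_time_user", category))
                flagged.add((user, None))
            continue
        if category not in profile["categories"] and (user, category) not in flagged:
            alerts.append((user, "first_time_category", category))
            flagged.add((user, category))
        per_day[user][ts[:10]] += 1
    for user, days in per_day.items():
        for day, n in days.items():
            threshold = profiles[user]["threshold"]
            if n > threshold:
                alerts.append((user, "volume_spike", f"{day}: {n} events, threshold {threshold:.1f}"))
    return alerts


def run_sample():
    events = [parse_line(l) for l in build_sample_log()]
    profiles = build_profiles(events)
    return profiles, detect(events, profiles)


if __name__ == "__main__":
    for alert in run_sample()[1]:
        print(alert)
```

In a real deployment the baseline would be recomputed on a rolling window so that the profile follows legitimate changes in a user's role, and the volume check would be applied per hour rather than per day for access attempts, where bursts are the interesting signal.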
To learn more about other Machine Learning SureLog SIEM models, please contact us.